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DETAILED ACTION 

Election/Restrictions 

1 . Restriction to one of the following inventions is required under 35 U.S.C. 
121: 

I. Claims 1-14, 17-20 and 22-25, drawn to a method and a system for 
authentication of an entity and messages, classified in class 713, 
subclass 170. 

II. Claims 15,16, 21 and 26, drawn to access control based on 
biometric, classified in class 713, subclass 186. 

2. Inventions I and II are related as subcombinations disclosed as usable 
together in a single combination. The subcombinations are distinct from each 
other if they are shown to be separately usable. In the instant case, invention I 
has separate utility such as authentication of an entity and messages. Invention II 
has separate utility such as access control based on biometric. See MPEP § 
806.05(d). 

3. Because these inventions are distinct for the reasons given above and 
have acquired a separate status in the art as shown by their different 
classification, restriction for examination purposes as indicated is proper. 

4. Because these inventions are distinct for the reasons given above and the 
search required for Group I is not required for Group II, restriction for examination 
purposes as indicated is proper. 
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5. Because these inventions are distinct for the reasons given above and 
have acquired a separate status in the art because of their recognized divergent 
subject matter, restriction for examination purposes as indicated is proper. 

6. Applicant is reminded that upon the cancellation of claims to a non-elected 
invention, the inventorship must be amended in compliance with 37 CFR 1 .48(b) 
if one or more of the currently named inventors is no longer an inventor of at 
least one claim remaining in the application. Any amendment of inventorship 
must be accompanied by a request under 37 CFR 1 .48(b) and by the fee 
required under 37 CFR 1 . 1 7(i). 

7. Applicant is advised that the reply to this requirement to be complete must 
include an election of the invention to be examined even though the requirement 
be traversed (37 CFR 1.143). 

8. During a telephone conversation with Eileen Lehmann on May 15,2005 a 
provisional election was made without traverse to prosecute the invention of I, 
claim 1-14, 17-20 and 22-25. Affirmation of this election must be made by 
applicant in replying to this Office action. Claim 15, 16, 21 and 26 withdrawn 
from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to 
a non-elected invention. 
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9. Claims 1 -26 are presented for examination. 

Information Disclosure Statement PTO-1449 

10. The Information Disclosure Statement submitted by applicant on 
2/28/2002 and 10/14/2003 has been considered. Document number 

W 098230692 has been changed and corrected by examiner to W 09823062. 
Please see attached PTO-1449. 

Claim Rejections ■ 35 USC § 102 

1 1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 
102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

12. Claims 13 is rejected under 35 U.S.C. 102(e) as being anticipated by 
James M. Foley et al. (US Publication NO. 2002/0087894). 

Regarding Claim 13 

Foley teaches a method for authenticating a user, comprising the 
steps of: (a) receiving a claimed identity of a user (paragraph [0035]); (b) 
receiving a first authentication sample from said user via a first 
communication channel (paragraph [0035] and [0050]); (c) receiving a 
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second authentication sample from said user (paragraph [0038]-[0039]) 
via a second communication channel ((paragraph [0050]) (authentication 
system may use one or more communication channel 502)); (d) verifying 
at least one of said first and second authentication samples based on a 
stored template uniquely associated with said claimed identity; and (e) 
verifying another of said authentication samples in a manner independent 
of said verifying in (d); and (f) granting access to said user based on said 
verifying in steps (d) and (e) (paragraph [0035]-[0039]). 



Claim Rejections - 35 USC § 103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) patent may not be obtained though the invention is not identically disclose or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 



14. Claims 1, 2, 5, 6, 8, 9, 11,14, 17-19, and 22-24 are rejected under 35 
U.S.C. 103(a) as being unpatentable over James M. Foley et al. (US Publication 
NO. 2002/0087894) in view of Tadhg Kelly et al. (US Patent 6,678,826). 



Regarding Claim 1, 14 and 22 

Foley teaches a method/ computer-readable medium for 
authenticating a user, comprising the steps of: (a) receiving a claimed 
identity of a user (paragraph [0035]); (b) receiving a first authentication 
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sample from said user via a first communication channel/ path (paragraph 
[0035] and [0050]); (c) establishing a second communication channel/ 
path with said user ((paragraph [0050]) (authentication system may use 
one or more communication channel 502)); (e) verifying at least one of 
said first and second authentication samples based on a stored template 
uniquely associated with said claimed identity; (e)verifying another of said 
authentication samples in a manner independent of said verifying in (d); 
and (g) granting access to said user based on said verifying in steps (e) 
and (f) (paragraph [0035]-[0039]). Foley furthermore teaches 
authentication method may communicate the data to the user using 
different protocols (paragraph [0052] and [0053]). Foley does not explicitly 
teach said second communication channel/ path being out-of-band 
with respect to said first communication channel/ path and (d) 
performing at least a portion of a challenge-response protocol, 
regarding a second authentication sample, with said user over said 
second communication channel/ path. However, in an analogous art, 
Kelly discloses an out-of-band communication channel/ path (column 3, 
lines 45-48 and column 4, lines 55-59) and uses a challenge-response 
protocol (column 8, lines 51-53). Therefore it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to 
modify Folley's method to include second communication channel/path 
being out-of-band and performing at least a portion of a challenge- 
response protocol, regarding a second authentication sample, with said 
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user over said second communication channel/ path. This would have 
been obvious because person having ordinary skill in the art at the time 
the invention was made would have been motivated to do so in order to 
discriminate and permit limited access to some user and unlimited to 
others (column 5, lines 61-64). 



Regarding Claim 2 

Foley and Kelly teach all limitation of the claim as applied to claim 1 
above and furthermore Foley teaches a method wherein said step (d) 
includes: (1) prompting said user via said second communication channel 
to provide at least one of said authentication samples; and (2) receiving 
said prompted authentication sample via said first communication channel 
((paragraphs [0035]-[0039] and [0050]) ("authentication system may use 
one or more communication channel 502". Examiner considers using any 
other communication channel 502 as applicant's second communication 
channel)). 

Regarding Claims 5 and 9 

Foley and Kelly teach all limitation of the claim as applied to claim 1 
above and furthermore Foley teaches a method comprising changing 
(updating) a template database based on at least one of said verified 
authentication samples and where at least one of said authentication 
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samples is a dynamically changing attribute held by said user ((paragraph 
[0038]) ("user may select changes to the authenticating method")). 

Regarding Claims 6, 8,19 and 24 

Foley and Kelly teach all limitation of the claim as applied to claim 
1,17 and 22 above and furthermore Foley teaches a method wherein said 
first communication channel/ path is telephonic and said second 
communication channel/ path is a computer network and at least one of 
authentication sample is a biometric attribute (paragraph [0026] and 
[0042]). 

Regarding Claim 11 

Foley and Kelly teach all limitation of the claim as applied to claim 1 
above and furthermore Foley teaches a method, wherein said step (f) 
includes the steps of: generating a first string based on said another 
authentication sample; independently generating a second string based on 
said claimed identity; digitally comparing said first and second strings; and 
authenticating said another authentication sample if said strings match 
(paragraph [0033]-[0039]). 

Regarding Claim 17 

Foley teaches a method for providing user authentication to control 
access to a protected application, comprising: (a) an interface, configured 
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to receive a claimed identity of a user; (b) an interface, connected to a first 
communication path, configured to receive a first authentication datum 
associated with said user; (c) an interface, connected to a second 
communication path to said user (paragraph [0050])("authentication 
system may use one or more communication channel 502")); (e) means 
for verifying said first authentication datum based on a nominal identity of 
said user; and (f) means for verifying said second authentication datum 
independently of (e); and (g) means for granting access to said user after 
both authentication data are verified (paragraph [0035]-[0039]). Foley 
furthermore teaches authentication method may communicate the data to 
the user using different types of communication (paragraph [0052] and 
[0053]) . Foley does not explicitly disclose an interface, connected to a 
second communication path being out-of-band with respect to said 
first communication path; (d) means for performing, over said 
second communication path, at least a portion of a challenge- 
response communication regarding a second authentication datum 
associated with said user. However, in an analogous art, Kelly discloses 
an out-of-band communication channel (column 3, lines 45-48 and column 
4, lines 55-59) and uses a challenge-response communication (column 8, 
lines 51-53). Therefore it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to modify Folley's 
method to include second communication path being out-of-band and 
performing at least a portion of a challenge-response communication, 
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regarding a second authentication datum. This would have been obvious 
because person having ordinary skill in the art at the time the invention 
was made would have been motivated to do so in order to discriminate 
and permit limited access to some user and unlimited to others (column 5, 
lines 61-64). 



Regarding Claim 18 

Foley and Kelly teach all limitation of the claim as applied to claim 
17 above and furthermore Foley teaches a method, where (d) further 
comprises means for prompting said user via said second communication 
path to provide said second authentication sample via said first 
communication path (paragraph [0035]-[0039]) and furthermore Foley 
discloses that authentication system may use more communication 
channel for exchange of data (paragraph [0050]). 

Regarding Claim 23 

Foley and Kelly teach all limitation of the claim as applied to claim 
22 above and furthermore Foley teaches a method, wherein at least one 
of said means for receiving includes: means for prompting said user via 
said first communication channel to provide at least one of said 
authentication samples; and means for receiving said prompted 
authentication sample via said second communication channel. 
((Paragraphs [0035]-[0039] and [0050]) ("authentication system may use 
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one or more communication channel 502". Examiner considers using any 
other communication channel 502 as applicant's second communication 
channel)). 

15. Claims 3, 4, 7, 10, 20 and 25 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over James M. Foley et al. (US Publication NO. 
2002/0087894) in view of Tadhg Kelly et al. (US Patent 6,678,826) and further in 
view of Larry P. Heck (US Patent 6,671 ,672). 

« 

Regarding Claims 3, 4, 7, 10, 20 and 25 

Foley and Kelly teach all limitation of the claim as applied to claim 
1,17 and 22 above and furthermore Foley teaches a method of voice 
recognition (paragraph [0026]). Foley and Kelly do not explicitly disclose 
converting said spoken authentication sample into textual form via 
the application of speech recognition techniques and said (e) 
includes authenticating a unique vocal characteristic of said user by 
applying a speaker verification protocol involving said claimed 
identity, said template, and said spoken authentication sample and 
determining a telephonic caller identification of said user. 
However in analogous art, Heck discloses a method of converting spoken 
authentication sample into textual form (column 6, lines 23-28), said (e) 
includes authenticating a unique vocal characteristic of said user by 
applying a speaker verification protocol involving said claimed identity, 
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said template, and said spoken authentication sample (column 6, lines 16- 
43) and determining a telephonic caller identification of said user (column 
4, lines 59-62). Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to modify 
Folley's and Kelly'ls method to include converting spoken authentication 
sample into textual form, authenticating a unique vocal characteristic of 
said user by applying a speaker verification protocol involving said claimed 
identity, said template, and said spoken authentication sample and 
determining a telephonic caller identification of said user. This would have 
been obvious because person having ordinary skill in the art at the time 
the invention was made would have been motivated to convert voice 
sample to text in order to compare the content of the output of the speech 
recognizer with the specified content, such as a stored password (column 
4, lines 50-53) and verify the identity of the user (column 4, lines 59-62). 

16. Claims 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
James M. Foley et al. (US Publication NO. 2002/0087894) in view of Tadhg Kelly 
et al. (US Patent 6,678,826) and further in view of David L. Wood et al. (US 
Patent 6,668,322). 
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Regarding Claim 12 

Foley and Kelly teach all limitation of the claim as applied to claim 1 
above but they do not explicitly teach enabling a single sign-on process by 
sharing said authentication across multiple applications requiring 
authentication during a common session. However in analogous art, 
Wood discloses a method of single sign-on process (column 4, lines 60-67 
and column 5, lines 1-9). Therefore it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to 
modify Folley's and Kelly's method to include single sign-on-process. This 
would have been obvious because person having ordinary skill in the art 
at the time the invention was made would have been motivated to do so in 
order to maintain continuity of a persistent session across multiple 
accesses to one or more information resources (column, lines 28-31). 

References Cited, Not Used 

17. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

1. U.S. Patent No. 6,070,243 

This reference relates to regulating connectivity to and 
communicability within communication networks. 

2. U.S. Patent No. 6,880,088 
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This reference relates to apparatus and methods for transmitting 
secure messages in a digital communications network. 

Conclusion 

1 8. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Ali Abyaneh whose telephone number 
is (571) 272-7961. The examiner can normally be reached on Monday- 
Friday from (8:00-5:00). If attempts to reach the examiner by telephone 
are unsuccessful, the examiner's supervisor, Albert Decady can be 
reached on (571)272-3819. The fax phone numbers for the organization 
where this application or proceeding is assigned as (703) 872-9306. 
Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either Private 
PAIR or Public PAIR. Status information for unpublished applications is 
available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Ali Abyaneh A A 
Patent Examiner 
Art Unit 2133 
05/210/05 



